offline/oc-cors-plugin

Setup and manage Cross-Origin Resource Sharing headers in October CMS

CORS plugin for October CMS

This plugin is based on https://github.com/barryvdh/laravel-cors., _(*1)

All configuration for the plugin can be done via the backend settings., _(*2)

The following cors headers are supported:, _(*3)

• Access-Control-Allow-Origin
• Access-Control-Allow-Headers
• Access-Control-Allow-Methods
• Access-Control-Allow-Credentials
• Access-Control-Expose-Headers
• Access-Control-Max-Age

Currently these headers are sent for every request. There is no per-route configuration possible at this time., _(*4)

Setup

After installing the plugin visit the CORS settings page in your October CMS backend settings., _(*5)

You can add * as an entry to Allowed origins, Allowed headers and Allowed methods to allow any kind of CORS request from everywhere., _(*6)

It is advised to be more explicit about these settings. You can add values for each header via the repeater fields., _(*7)

It is important to set these intial settings once for the plugin to work as excpected!, _(*8)

Filesystem configuration

As an alternative to the backend settings you can create a config/config.php file in the plugins root directory to configure it., _(*9)

The filesystem configuration will overwrite any defined backend setting., _(*10)

<?php
// plugins/offline/cors/config/config.php
return [
    'supportsCredentials'         => true,
    'maxAge'                      => 3600,
    'allowedOrigins'              => ['*'],
    'allowedHeaders'              => ['*'],
    'allowedMethods'              => ['GET', 'POST'],
    'exposedHeaders'              => [''],
    'preflightResponseStatusCode' => 204,
];